Just about everyone using Windows XP runs the operating system as administrator - or root, if you come from a UNIX background. Such is the case because Microsoft, in its infinite wisdom, figured it somehow made sense to give every user full access to the system, and to more or less completely ignore the intricate and advanced security systems in place in Windows NT and the NTFS file system. This kind of turned out to be a very bad idea, and allowed Microsoft and its third-party developers to become hopelessly sloppy; most Windows applications more or less assumed they were run by administrators. It also allowed malware full access to the system when executed. Cue User Account Control.

I'm currently splitting some apps we develop at work into services and userland applications. Vista certainly does force you to write better-designed programs.

All those complaints about UAC being annoying are an effect of Windows apps being badly written. You can draw a very crude and technically inaccurate comparison between graphical sudo frontends and UAC, from the user's point of view. Apart from the much more complex security infrastructure present in Windows NT-based systems and the fact that the way UAC prompts for user authorization is more secure than those programs, they serve the same purpose: give temporary elevated rights to programs after user authorization. It's actually more complex than that, but let's keep things simple here. The problem is that too many Windows apps require those elevated rights; that's why people complain about UAC but don't complain about those graphical sudo frontends installed in desktop-oriented Linux distributions.

Now, regarding the issue of being able to run services as LOCAL_SYSTEM without a UAC prompt (other than the prompt required to install the service), the same can be said about Linux daemons installed by a program run through sudo. Perhaps a better implementation would require the programs to state all their security requirements (needs to install a service, needs to write to some registry key, etc.) before doing anything, so that the user could be presented with that information in a single UAC prompt. Maybe that's possible with UAC already; I don't know the UAC API. Anyways, it would certainly take some time to modify all apps the regular user uses to comply with that.

The way I see it, UAC is not in the list of Vista features that Microsoft will consider removing, crippling or deprecating for the next Windows versions.

I'm no security expert by far, so take my words with a grain of salt.